7 Data Security Steps Your Business Should Take Right Now

Keeping your data organized and secure will be a top priority this year, not only because of updated regulations like the General Data Protection Regulation (GDPR) but also because the overall IT security landscape continues to look bleak. In a survey conducted by research firm Statista just last year, US companies ranked cyber threats among their highest-risk threats, right next to an interruption in a key business process like the supply chain. Small businesses will be particularly vulnerable, not only because they have limited resources to deal with this problem, but also because hackers are beginning to target this segment specifically and collectively.

We'll take a break from starting a new entrepreneurial venture and instead focus on helping you better protect what you already have. Fortunately, protecting your company and its data warehouses can be broken down into an iterative process, like most IT responsibilities. To help you get started, we've compiled a list of seven key questions you should ask and be sure to get answered, preferably by your organization's IT staff.

1. Are We Using Security Software?

Endpoint Protection software monitors and protects your corporate network from external devices that try to create entry points for attacks. These tools usually include a combination of antivirus, firewall, and mobile device management (MDM) (more on this later). Using one of these tools, your dedicated technical team (if you have one) will be alerted to threats if and when they arise.

“Even if you are a small business, all endpoints must be protected by security software as there are many threats that can harm your business and your customers' data,” said Adrian Liviu Arsen, a senior e-threat analyst at Bitdefender. “From ransomware to keylogging malware and advanced threats aimed at using your company as a gateway to your customers, if you are a service provider, security software is not only recommended but required.”

2. Do We Back Up Our Data?

If your company is ever hacked or your office is hit by a hurricane, a backup of your most recent data will help you get running again with minimal data hassle. Backing up your information in the cloud will ensure that your business can resume after a brief physical recovery. If you have never backed up your data, then you are effectively starting your business over from scratch. Plus, data backups combined with endpoint protection software let you identify threats as they arise, remove them from your network, and then restore your network to its most recent and most secure state.

There are simple ways to back up your data, including setting up automatic backups using disaster recovery (DR) software and copying system files to other regions (in case of a geographic problem). Regardless of which you choose, you need to start backing up immediately.

“Backups and backups are vital to business continuity, as any loss or disruption could mean going out of business or being seriously damaged over the long term,” Arsen said. “Ransomware is a great example of what can happen if you don't have backups. But sometimes there is a hardware problem, and having a single copy of your critical assets is not recommended.”

3. Do We Encrypt Our Data?

Most endpoint security software vendors will also help you encrypt your data as it moves within your network, as it leaves your network, and as it sits at rest on your servers. Encryption essentially turns your plaintext data into ciphertext: an indecipherable jumble of your data's true plaintext sequence. When you enter the decryption key, your data is decrypted and returned to its normal format. So if someone breaks into your system and steals your data, they will see the encrypted version, not the clear text version.

Caution: Attacks can occur at different stages of the data transfer process. They can happen when data is sent from the server to its destination. Attacks can occur when data is stored on your servers, and hacks can occur when data is transferred from one device to another on the network itself. When contacting your endpoint protection service provider, be sure to ask if they can help you encrypt data in transit and at rest.

“Both types of data must be encrypted, especially if you are dealing with sensitive and confidential information about your customers,” said Arsen. "Any piece of information can be monetized by cybercriminals, and keeping all information encrypted not only makes their job more difficult but also makes your job more secure."

4. Are We Using Smart Cloud Storage?

Most companies these days, especially small and medium enterprises, have at least a few data stores in the cloud. Business-grade cloud storage providers are plentiful, and the value they offer in terms of total storage cost as well as managed service capabilities simply cannot be matched in most cases by on-site storage solutions, which tend to be not only more expensive but also proprietary.

However, while the basic setup of services such as Dropbox Business or Amazon S3 can be relatively straightforward, taking full advantage of their data security features can involve quite a learning curve. But it is a curve you will surely want your IT pros to climb, as these providers can give even small businesses access to advanced storage security capabilities that they would have to spend a lot more money to implement locally.

For example, we discussed data encryption earlier, but while the vast majority of cloud service providers have the ability to encrypt data stored in their services, not all of them do it by default. Plus, not all of them encrypt data as it travels between them and your other app servers or your users' devices. These settings should be researched, enabled, and tracked by the IT department.
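A check like the following lets IT track both settings across storage buckets. It is an added example, not part of the original article: the bucket names and inventory are constructed, and the settings are assumed to be in the shape Amazon S3 reports for default encryption and bucket policy.

```python
# Constructed sample inventory: per-bucket default-encryption rules and bucket
# policy, shaped like Amazon S3's own output. Bucket names are made up.
INVENTORY = {
    "finance-archive": {
        "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                                  {"SSEAlgorithm": "aws:kms"}}]},
        "policy": {"Statement": [{
            "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    },
    "marketing-assets": {
        "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                                  {"SSEAlgorithm": "AES256"}}]},
        "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                  "Action": "s3:GetObject", "Resource": "*"}]},
    },
    "legacy-exports": {"encryption": None, "policy": None},
}

def encrypted_at_rest(enc):
    """True if a default server-side encryption rule names an algorithm."""
    rules = (enc or {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in rules)

def tls_enforced(policy):
    """True if a Deny statement rejects requests that arrive without TLS.
    Simplified: does not verify the statement covers every principal/action."""
    for st in (policy or {}).get("Statement", []):
        flag = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if st.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False

def audit(inventory):
    """Return {bucket: [findings]} for buckets missing either control."""
    report = {}
    for name, cfg in sorted(inventory.items()):
        findings = []
        if not encrypted_at_rest(cfg.get("encryption")):
            findings.append("no default encryption at rest")
        if not tls_enforced(cfg.get("policy")):
            findings.append("plaintext (non-TLS) access not denied")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for bucket, findings in audit(INVENTORY).items():
        print(f"{bucket}: {'; '.join(findings)}")
```
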

There are also more advanced features that take some work to implement but may have long-term benefits. One of them is data classification. It is a generic term for the various technologies that storage providers can offer their customers to organize their data into categories specific to their particular business. This not only makes the data easier to find and process, but it also improves security, as some of these services can assign file-level protection to specific classifications. In some cases, these protections can follow a file even after it leaves the cloud storage provider's servers and is moved to a device or server by someone outside the customer's organization, such as a customer or partner.

When used in this way, these protections can control not only who can access the file, but also what they are allowed to do with it, whether that is reading, printing, modifying, or sharing it with others. This allows you to store certain information much more securely while still being able to share it outside of your company.

5. Do We Have a Firewall?

You wouldn't have a home without a front door, would you? Then why run a network without a firewall? Your firewall allows you to block unwanted traffic from entering your corporate network. This means you will be able to maintain a private intranet without exposing all of your company data to the public web server that your company runs on.

“Firewalls are great for protecting against attackers who want to either scan your network or find open services and ports that can be used for remote access,” said Arsen. "With firewalls, you can also set rules by which IP addresses can access various resources or control inbound and outbound traffic."

But, just like researching your cloud storage provider's offerings, it's also a good idea to make sure you understand the full capabilities of your firewall. These devices are becoming more sophisticated, including the ones built into a general-purpose small business Wi-Fi router or virtual private network (VPN). For example, while you may have enabled a basic network firewall as part of the initial router configuration, you probably also have the option to enable a web application firewall, which can provide specific protection for data sent through web applications.

Another option is to investigate a managed firewall service. As the name suggests, this is simply a firewall that the service provider manages for you on a subscription basis. On the plus side, you can easily enable more advanced features because experts are in charge of firewall management. It also means you can be sure that your firewall always has the latest defenses, patches, and software updates. Possible downsides include the fact that you are likely sharing your firewall with other clients, and that in this configuration, all your web traffic will be routed through this third-party system before it reaches the Internet or your users. This can be a bottleneck.

6. What is Our Procedure for Remote Access?

Today, every organization, regardless of size, may have employees, customers, or others who need remote access to company resources. Sit down with your IT staff and figure out what the process is for making these connections. Is it a repeatable process, the same for everyone, or are different people used to accessing your resources in different ways? If the latter, then this is a problem.

Remote access must be the same for everyone. This means that your IT pros should focus not only on what happens on their side of the firewall after a login request but also on what needs to happen on the other side of the firewall to make such a request legitimate. Remote clients should be scanned to ensure that devices are properly updated and protected by business-grade endpoint security software. They must also log in using a VPN, and all of these requests must be processed through an identity management system. Both of these measures are available in affordable, low-cost versions that even small businesses with fewer IT resources should be able to implement easily.

7. What is Our Company-wide Device Policy?

Bring Your Own Device (BYOD) policies allow employees to choose which hardware and software to use when performing business processes. While these policies provide flexibility for employees (and savings for companies that no longer need to purchase devices for new employees), there are several risks associated with BYOD plans. Top of the list: How do you protect the data stored on these devices if you don't choose the software and create the secure access protocol?

“Most small businesses often rely on BYOD but usually don't have a security policy,” Arsen said. “To this end, it is also recommended to restrict access to critical information that is accessed by devices delivered by employees, either through segregating networks or through the implementation of access policies, as well as to manage mobile devices. Since handheld computers are also used to access e-mail and internal data, it is important to either manage them with a dedicated solution or only allow them access to non-critical data.”